Community help

pushyami · ‎06-04-2018

HI, I am trying to figure out something that I need some consultation on.

On Canvas Files tool page, I would like to add a new column/piece of information relating to how many people accessed a particular file using custom Javascript that canvas allows to customize certain stuff using Themes tool. Let's image I have external service( getting data either from Canvas Live events or Canvas Data) that provides me with that piece of information. All I need to do is make a call to the service like GET: access_count/file_1.pdf` return count. Obviously, I need to put this service behind some sort of OAuth( simplest basic OAuth
)to protect unauthorized access. Since I call this service from javascript I can't store Oauth token in the Js file. Is there an alternative way that I can I accomplish my goal?

robotcars · ‎06-05-2018

If you aren't providing any personally identifiable information, and privacy of the data isn't a concern... because file counts are pretty benign...

On something like AWS, you could setup the security group to allow access only from 1 source

x.instructure.com and then a CORS setup in your service to match.

REST Security Cheat Sheet - OWASP

Management endpoints

Restrict access to these endpoints by firewall rules or use of access control lists.

Cross-Origin Resource Sharing (CORS) is a W3C standard to flexibly specify what cross-domain requests are permitted. By delivering appropriate CORS Headers your REST API signals to the browser which domains, AKA origins, are allowed to make JavaScript calls to the REST service.

pushyami · ‎06-06-2018

Thank you this is helpful just putting it out there and knowing what is and not possible.

How to access External service behind Oauth using Custom JavaScript on Canvas?

Integrate a React App (Not Canvas) to be Canvas LM...

Donot have valid data to test certain APIs

Getting Canvas LTI Data

Prevent Faculty From Using "EX" grade in Gradebook

Can you using "People" Lists to display Observed U...

UI for weekly progression idea

Is the ‘Enable self assessment’ field available in...

Canvas Rubrics API Criteria

api/v1/courses/sis_course_id:{id#}/sections - Not ...

add `desc` or `asc` to a few api calls that are al...

You're signed out

How to access External service behind Oauth using Custom JavaScript on Canvas?

Community help

View our top guides and resources: